From owner-aaa-wg@merit.edu Mon Mar 06 13:34:42 2006
Message-ID: <7D5D48D2CAA3D84C813F5B154F43B155097B8DC6@nl0006exch001u.nl.lucent.com>
From: "Wijnen, Bert (Bert)" <bwijnen@lucent.com>
To: "Aaa-Wg (E-mail)" <aaa-wg@merit.edu>
Subject: [AAA-WG]: FW: I-D was expired 
Date: Mon, 6 Mar 2006 19:33:43 +0100 

Was this draft to expire?
Or better, what is the plan with this one?

Bert

-----Original Message-----
From: I-D Expiring System [mailto:ietf-secretariat-reply@ietf.org]
Sent: Sunday, March 05, 2006 06:05
To: Bert Wijnen
Subject: I-D was expired 


draft-ietf-aaa-diameter-api-04.txt was just expired.
This I-D is in 'Ad is watching' state in ID Tracker.

Thanks,
IETF Secretariat.




From owner-aaa-wg@merit.edu Mon Mar 06 13:42:24 2006
Subject: RE: [AAA-WG]: FW: I-D was expired 
Date: Mon, 6 Mar 2006 20:42:05 +0200
Message-ID: <1AA39B75171A7144A73216AED1D7478D01869DF4@esebe100.NOE.Nokia.com>
In-Reply-To: <7D5D48D2CAA3D84C813F5B154F43B155097B8DC6@nl0006exch001u.nl.lucent.com>
From: <john.loughney@nokia.com>
To: <bwijnen@lucent.com>, <aaa-wg@merit.edu>

It's being resubmitted into the DiME WG. I plan to see if we can start
a WG last call on it shortly.

John

>-----Original Message-----
>From: owner-aaa-wg@merit.edu [mailto:owner-aaa-wg@merit.edu]
>On Behalf Of ext Wijnen, Bert (Bert)
>Sent: 06 March, 2006 20:34
>To: Aaa-Wg (E-mail)
>Subject: [AAA-WG]: FW: I-D was expired
>
>Was this draft to expire?
>Or better, what is the plan with this one?
>
>Bert
>
>-----Original Message-----
>From: I-D Expiring System [mailto:ietf-secretariat-reply@ietf.org]
>Sent: Sunday, March 05, 2006 06:05
>To: Bert Wijnen
>Subject: I-D was expired
>
>
>draft-ietf-aaa-diameter-api-04.txt was just expired.
>This I-D is in 'Ad is watching' state in ID Tracker.
>
>Thanks,
>IETF Secretariat.
>
>



From owner-aaa-wg@merit.edu Tue Mar 07 11:04:49 2006
Date: Tue, 7 Mar 2006 08:04:19 -0800 (PST)
From: Bernard Aboba <aboba@internaut.com>
To: aaa-wg@merit.edu
Subject: [AAA-WG]: Review of RADIUS Digest-07 Document
Message-ID: <Pine.LNX.4.61.0603070803150.30870@internaut.com>

A new version of the RADIUS Digest document has been submitted in response 
to IETF last call and IESG DISCUSS comments. Until the specification ends 
up on the archive, it is available here: 
http://www.drizzle.com/~aboba/RADEXT/draft-ietf-radext-digest-auth-07.txt

When it ends up on the archive, it will be available here:
http://www.ietf.org/internet-drafts/draft-ietf-radext-digest-auth-07.txt

Please examine this new version of the document to see whether it 
addresses the open issues, which were filed on the RADEXT WG issues list: 
http://www.drizzle.com/~aboba/RADEXT/

These include the following:

Issue #    Title                     Owner
---------- ------------------------- ----------------------
150        IANA Considerations       John Loughney
151        Another review            Kurt Zeilenga
152        Review                    Alexey Melnikov
159        Negotiation               Wolfgang Beck
162        Nonce Replay Issue        Wolfgang Beck
173        Client Nonce Generation   Sam Hartman
174        Review                    Russ Housley
175        Some NITs                 Bert Wijnen

In particular, the following questions should have been addressed:

* Handling of client/server nonce generation (comments from Sam Hartman, 
  Glen Zorn and others) 
* Extensibility for new algorithms (Russ Housley)
* Editorial comments (many)






From owner-aaa-wg@merit.edu Fri Mar 10 08:22:45 2006
Message-ID: <44117D76.5050004@nokia.com>
Date: Fri, 10 Mar 2006 15:21:58 +0200
From: Miguel Garcia <Miguel.An.Garcia@nokia.com>
To: AAA mailing list <aaa-wg@merit.edu>
Cc: "Beck01, Wolfgang" <BeckW@t-systems.com>
Subject: [AAA-WG]: [DSA]: Generation of nonces

As you may know, the Diameter SIP application is under IESG review. 
There have been some comments that you can follow in the data tracker:

https://datatracker.ietf.org/public/pidtracker.cgi?command=view_id&dTag=10945&rfc_flag=0

The important comment is originated by the Security ADs: there is an 
issue with the generation of nonces in the client. The issue was first 
identified in the RADIUS extension for HTTP/SIP authentication, and the 
resolution should be unique for both RADIUS and Diameter. The exact 
issue is recorded here:

https://datatracker.ietf.org/public/pidtracker.cgi?command=view_comment&id=43578

The RADIUS draft was re-issued recently, and already tried to address 
this issue by providing a known algorithm for creating and verifying 
nonces. This hasn't been revised by the Security ADs yet, so it is 
unknown at this stage if this clears that discuss or not. But just in 
case it clears it, we may need to add similar wording to the Diameter 
SIP application.

So, I would like the AAA group to review a couple of sections of the 
RADIUS Digest draft to find out if we are ok with the nonce generation 
guidelines. If we find no objections and if this is ok to the Security 
ADs, we will add it to the Diameter document.

The latest version of the RADIUS Digest draft is:

http://www.ietf.org/internet-drafts/draft-ietf-radext-digest-auth-07.txt

Sections that are relevant for the nonce generation in the client are 
3.2.5 and 3.3.2.

Please, comment and speak if you have problems. Copy Wolfgang in the 
discussion.

/Miguel
-- 
Miguel A. Garcia           tel:+358-50-4804586
sip:miguel.an.garcia@openlaboratory.net
Nokia Research Center      Helsinki, Finland




From owner-aaa-wg@merit.edu Sun Mar 19 00:44:10 2006
Message-ID: <7D5D48D2CAA3D84C813F5B154F43B155098E2111@nl0006exch001u.nl.lucent.com>
From: "Wijnen, Bert (Bert)" <bwijnen@lucent.com>
To: Bernard Aboba <aboba@internaut.com>, radiusext@ops.ietf.org
Cc: aaa-wg@merit.edu
Subject: [AAA-WG]: RE: Review of RADIUS Digest-07 Document
Date: Sun, 19 Mar 2006 06:43:53 +0100

[when responding, it is probably best to only copy the radiusext
 WG list and not the AAA WG list.]

So the new rev is available, in fact has been since Mar 8th.

Do we have consensus that this is now OK and that we can check
if security ADs are also happy, and as a result we can then 
also finish the draft-ietf-aaa-diameter-sip-app-xx.txt document?

It would be really great if we can finalize (i.e. get acceptable
I-Ds posted) by Wed at the latest, so we can try and clear these
2 documents for approval.

Please keep in mind my response to the updated version:
  > Wolfgang wrote:
  > my main focus for the -07 version was to address the 'discuss'
  > points from the IESG site.
  >  
  In fact, since the document was (and basically still is) in IESG evaluation,
  I think the WG should not add new issues/concerns unless there is a FATAL
  FLAW that we discovered late. 

  Bert (speaking as one of the ADs).

Bert

> -----Original Message-----
> From: owner-aaa-wg@merit.edu 
> [mailto:owner-aaa-wg@merit.edu]On Behalf Of
> Bernard Aboba
> Sent: Tuesday, March 07, 2006 17:04
> To: aaa-wg@merit.edu
> Subject: [AAA-WG]: Review of RADIUS Digest-07 Document
> 
> 
> A new version of the RADIUS Digest document has been submitted in response
> to IETF last call and IESG DISCUSS comments. Until the specification ends
> up on the archive, it is available here:
> http://www.drizzle.com/~aboba/RADEXT/draft-ietf-radext-digest-auth-07.txt
> 
> When it ends up on the archive, it will be available here:
> http://www.ietf.org/internet-drafts/draft-ietf-radext-digest-auth-07.txt
> 
> Please examine this new version of the document to see whether it
> addresses the open issues, which were filed on the RADEXT WG issues list:
> http://www.drizzle.com/~aboba/RADEXT/
> 
> These include the following:
> 
> Issue #    Title                     Owner
> ---------- ------------------------- ----------------------
> 150        IANA Considerations       John Loughney
> 151        Another review            Kurt Zeilenga
> 152        Review                    Alexey Melnikov
> 159        Negotiation               Wolfgang Beck
> 162        Nonce Replay Issue        Wolfgang Beck
> 173        Client Nonce Generation   Sam Hartman
> 174        Review                    Russ Housley
> 175        Some NITs                 Bert Wijnen
> 
> In particular, the following questions should have been addressed:
> 
> * Handling of client/server nonce generation (comments from Sam Hartman,
>   Glen Zorn and others)
> * Extensibility for new algorithms (Russ Housley)
> * Editorial comments (many)
> 
> 
> 



From owner-aaa-wg@merit.edu Mon Mar 20 07:14:10 2006
Date: Mon, 20 Mar 2006 17:33:29 +0530
From: Rajith R <rajithr@huawei.com>
Subject: [AAA-WG]: Diameter CM state machine
To: aaa-wg@merit.edu
Reply-To: rajithr@huawei.com
Message-id: <000001c64c16$4e615170$9005120a@china.huawei.com>
Organization: huawei


Hi
	I have some doubts about the DIAMETER state machine (sec 5.6 of
RFC 3588):

1. R-Open    R-Rcv-CER        R-Snd-CEA        R-Open
    
I-Open   I-Rcv-CER        I-Snd-CEA        I-Open

What is the use of the state transition considerations above? 
Could any one tell me how after the peers have exchanged CER-CEA (& thus
moving to the open state) can receive a CER again?

2. For the above 2 transitions, if the received CER has some protocol
error, what should be the behaviour? Ignore / only send error CEA / send
error CEA  & close connection?

Regards

Rajith





From owner-aaa-wg@merit.edu Mon Mar 20 09:27:39 2006
Message-ID: <441EB4FE.90206@tari.toshiba.com>
Date: Mon, 20 Mar 2006 08:58:22 -0500
From: Victor Fajardo <vfajardo@tari.toshiba.com>
To: rajithr@huawei.com
Cc: aaa-wg@merit.edu
Subject: Re: [AAA-WG]: Diameter CM state machine
References: <000001c64c16$4e615170$9005120a@china.huawei.com>
In-Reply-To: <000001c64c16$4e615170$9005120a@china.huawei.com>

Hi,

>Hi
>	I have some doubts about the DIAMETER state machine (sec 5.6 of
>RFC 3588):
>
>1. R-Open    R-Rcv-CER        R-Snd-CEA        R-Open
>    
>I-Open   I-Rcv-CER        I-Snd-CEA        I-Open
>
>What is the use of the state transition considerations above? 
>Could any one tell me how after the peers have exchanged CER-CEA (& thus
>moving to the open state) can receive a CER again?
>
>2. For the above 2 transitions, if the received CER has some protocol
>error, what should be the behaviour? Ignore / only send error CEA / send
>error CEA  & close connection?
>  
>
This issue is currently being discussed in another dime thread.

regards,
victor

>Regards
>
>Rajith
>
>
>
>
>  
>




From owner-aaa-wg@merit.edu Tue Mar 28 06:56:53 2006
Message-ID: <44292461.5060602@nokia.com>
Date: Tue, 28 Mar 2006 14:56:17 +0300
From: Miguel Garcia <Miguel.An.Garcia@nokia.com>
To: AAA mailing list <aaa-wg@merit.edu>
Cc: "Beck01, Wolfgang" <BeckW@t-systems.com>
Subject: [AAA-WG]: [Fwd: digest-auth surgery in Dallas]

This is of interest to the AAA mailing list, due to the implications in 
the Diameter SIP application.

Anyone with problems in removing the client generation in the Diameter 
client, please speak now, and copy the radext list too.

/Miguel

-------- Original Message --------
Subject: digest-auth surgery in Dallas
Date: Tue, 28 Mar 2006 13:39:45 +0200
From: ext Beck01, Wolfgang <BeckW@t-systems.com>
To: radiusext@ops.ietf.org
CC: miguel.an.garcia@nokia.com

Hi,

during the RADEXT meeting in Dallas, we came to the conclusion that removing
the client nonce generation mode would solve most - if not all - of
the remaining issues with draft-ietf-radext-digest-auth.

Miguel would have to remove the relating parts from his Diameter draft
as well (sorry).

Anybody objecting to this proposal should speak up >>now<< and suggest how
to address the issues as outlined in
http://www3.ietf.org/proceedings/06mar/slides/radext-0.pdf


Wolfgang

--
T-Systems
Next Generation IP Services and Systems
+49 6151 937 2863
Am Kavalleriesand 3
64295 Darmstadt
Germany

-- 
Miguel A. Garcia           tel:+358-50-4804586
sip:miguel.an.garcia@openlaboratory.net
Nokia Research Center      Helsinki, Finland




From owner-aaa-wg@merit.edu Tue Mar 28 10:57:07 2006
Received: from [10.91.34.44] (helo=ietf-mx.ietf.org)
	by megatron.ietf.org with esmtp (Exim 4.43)
	id 1FOGZ9-0002nw-8m
	for aaa-archive@lists.ietf.org; Tue, 28 Mar 2006 10:57:07 -0500
Received: from trapdoor.merit.edu ([198.108.1.26])
	by ietf-mx.ietf.org with esmtp (Exim 4.43)
	id 1FOGZ7-0000Fk-Vz
	for aaa-archive@lists.ietf.org; Tue, 28 Mar 2006 10:57:07 -0500
Received: by trapdoor.merit.edu (Postfix)
	id 6913391262; Tue, 28 Mar 2006 10:56:57 -0500 (EST)
Delivered-To: aaa-wg-outgoing@trapdoor.merit.edu
Received: by trapdoor.merit.edu (Postfix, from userid 56)
	id 369E591274; Tue, 28 Mar 2006 10:56:57 -0500 (EST)
Delivered-To: aaa-wg@trapdoor.merit.edu
Received: from segue.merit.edu (segue.merit.edu [198.108.1.41])
	by trapdoor.merit.edu (Postfix) with ESMTP id 0001091262
	for <aaa-wg@trapdoor.merit.edu>; Tue, 28 Mar 2006 10:56:55 -0500 (EST)
Received: by segue.merit.edu (Postfix)
	id E054858285; Tue, 28 Mar 2006 10:56:55 -0500 (EST)
Delivered-To: aaa-wg@segue.merit.edu
Received: from fiji.merit.edu (fiji.merit.edu [198.108.1.12])
	by segue.merit.edu (Postfix) with ESMTP id CC08F58284
	for <aaa-wg@segue.merit.edu>; Tue, 28 Mar 2006 10:56:55 -0500 (EST)
Received: by fiji.merit.edu (Postfix)
	id B5ACD18A9; Tue, 28 Mar 2006 10:56:55 -0500 (EST)
Delivered-To: aaa-wg@merit.edu
Received: from fiji.merit.edu ([127.0.0.1])
 by localhost (fiji.merit.edu [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id 11666-10 for <aaa-wg@merit.edu>;
 Tue, 28 Mar 2006 10:56:55 -0500 (EST)
X-Greylist: delayed 1200 seconds by postgrey-1.21 at fiji.merit.edu; Tue, 28 Mar 2006 10:56:54 EST
Received: from tcmail22.telekom.de (tcmail22.telekom.de [217.6.95.236])
	by fiji.merit.edu (Postfix) with ESMTP id E0402185D
	for <aaa-wg@merit.edu>; Tue, 28 Mar 2006 10:56:54 -0500 (EST)
Received: from g9jbr.mgb01.telekom.de (g9jbr.mgb01.telekom.de [164.20.31.6]) by tcmail21.dmz.telekom.de with ESMTP; Tue, 28 Mar 2006 17:36:50 +0200
Received: by G9JBR.mgb01.telekom.de with Internet Mail Service (5.5.2653.19)
	id <HXL7MDWM>; Tue, 28 Mar 2006 17:36:50 +0200
Message-Id: <1E4CCB2441C5C0409AD8A929482A09F31BB698@S4DE9JSAAIG.ost.t-com.de>
From: "Beck01, Wolfgang" <BeckW@t-systems.com>
To: Miguel.An.Garcia@nokia.com, aaa-wg@merit.edu
Subject: AW: [AAA-WG]: [DSA]: Generation of nonces
Date: Tue, 28 Mar 2006 17:36:47 +0200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2653.19)
Content-Type: text/plain
X-Virus-Scanned: amavisd-new at merit.edu
Sender: owner-aaa-wg@merit.edu
Precedence: bulk
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 8abaac9e10c826e8252866cbe6766464



Miguel wrote:
> The RADIUS draft was re-issued recently, and already tried to address 
> this issue by providing a known algorithm for creating and verifying 
> nonces. This hasn't been revised by the Security ADs yet, so it is 
> unknown at this stage if this clears that discuss or not. But just in 
> case it clears it, we may need to add similar wording to the Diameter 
> SIP application.
People didn't like that algorithm too much. The conclusion at the RADEXT
meeting in Dallas was to remove the RADIUS/Diameter client nonce
generation entirely. Without that mode, the security issue vanishes. The
AAA server itself can check the nonce validity using the scheme proposed
in RFC 2617, section 3.2.1.

As RFC 2617 uses the challenge message not only to convey the nonce
but also some capability information (like supported digest algorithms),
AAA client nonce generation requires additional manual configuration.

Removing that mode would improve the drafts.


Wolfgang

--
T-Systems
Next Generation IP Services and Systems
+49 6151 937 2863
Am Kavalleriesand 3
64295 Darmstadt
Germany 
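
Added example, not part of the original message or of either draft: a sketch of server-side nonce issuing and checking in the style of RFC 2617 section 3.2.1, which suggests a nonce of the form time-stamp H(time-stamp ":" ETag ":" private-key). As assumptions, HMAC-SHA256 stands in for H, a context string such as the realm stands in for the ETag, and the key, lifetime and function names are made up for illustration.

```python
import base64
import hashlib
import hmac
import time

SERVER_KEY = b"constructed-demo-key"  # constructed value; use a random secret in practice
MAX_AGE = 300                         # assumed nonce lifetime in seconds


def _mac(timestamp, context, key):
    # Keyed hash over "time-stamp:context"; only the key holder can produce it.
    msg = f"{timestamp}:{context}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def make_nonce(context, key=SERVER_KEY, now=None):
    """Issue a nonce bound to a context string (assumed here: the realm)."""
    ts = str(int(time.time() if now is None else now))
    raw = f"{ts} {_mac(ts, context, key)}"
    return base64.b64encode(raw.encode()).decode()


def check_nonce(nonce, context, key=SERVER_KEY, now=None, max_age=MAX_AGE):
    """Return 'ok', 'stale' or 'invalid' without keeping per-nonce state."""
    try:
        raw = base64.b64decode(nonce, validate=True).decode("ascii")
        ts, mac = raw.split(" ", 1)
        issued = int(ts)
    except ValueError:  # bad base64, non-ASCII, missing field, non-numeric time
        return "invalid"
    # Constant-time comparison: rejects forged or altered nonces.
    if not hmac.compare_digest(mac, _mac(ts, context, key)):
        return "invalid"
    current = time.time() if now is None else now
    age = current - issued
    if age < 0 or age > max_age:
        return "stale"  # genuine but expired: answer with a fresh challenge, stale=TRUE
    return "ok"
```

Because the server that issues the nonce is also the one that verifies it, no key has to be shared with the RADIUS/Diameter client.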




